Privacy Policy

2. Definitions

For this Privacy Policy:

"Todemy" / "we" / "us" / "our"

Refers to Todemy Learning Private Limited, operating the Todemy platform, including its website, mobile applications, and related services.

"Service"

Refers to all Todemy products and features, including learning modules, child development tools, parent dashboards, health and wellness features, community features, and partner or institutional services.

"Parent" / "Guardian"

Refers to an adult who creates and manages an account, provides consent for a child, and controls access to the Service.

"Child"

Refers to any individual under the age of 18. While "child" is defined broadly under applicable law, Todemy is specifically designed for children aged 2–7, and all usage must occur under parental supervision.

"Personal Data" / "Personal Information"

Means any information that identifies or can reasonably identify an individual, including name, contact details, child profile information, device data, and usage data.

"Sensitive Personal Data"

Includes higher-risk information such as health-related information and audio or voice data, where applicable. This type of data requires additional protection and, where required, explicit parental consent.

"Processing"

Means any operation performed on personal data, including collection, storage, use, analysis, sharing, or deletion.

"Parent Dashboard"

Refers to the interface where parents can manage child profiles, control permissions, and access or delete data.

"Partner" / "Institution"

Refers to schools, educators, or organizations that use Todemy services or provide access to children through institutional arrangements.

3. Information We Collect

Todemy collects personal information only as necessary to provide, operate, improve, and secure the Service. The type of information collected depends on how the parent, child, or partner uses the platform. We do not collect personal data beyond what is reasonably required for the intended purpose.

3.1 Parent or Guardian Information

When a parent or guardian creates or manages an account, we may collect:

• Name
• Email address
• Phone number
• Login and verification details, such as OTP
• Account settings and preferences
• Communication data, such as support requests or feedback
• Subscription or payment status, if paid features are enabled

3.2 Child Profile Information

When a parent creates a child profile, we may collect:

• Child's name or nickname
• Age or date of birth
• Learning level and preferences
• Interests and activity choices
• Progress, milestones, and achievements

Parents are encouraged to use a nickname instead of a full legal name where possible.

3.3 Learning and Usage Information

We may collect information about how the child interacts with the Service, including:

• Lessons accessed
• Activities completed
• Time spent on features
• Interaction patterns
• Progress reports and performance insights

This information helps personalize the learning experience and provide useful insights to parents.

3.4 Health and Wellness Information

If a parent enables health or wellness features, we may collect limited information such as:

• Allergies
• Dietary preferences
• Vaccination records
• General wellness inputs such as height, weight, or nutrition preferences

This information is treated as sensitive personal data and is used only to provide the selected features.

Todemy may provide vaccination reminders based on the information entered by the parent.

Todemy does not provide medical advice, diagnosis, treatment, or medication reminders.

3.5 Voice, Audio, and AI Interaction Data

If voice or AI-based features are enabled, we may collect:

• Voice inputs or audio recordings
• Speech-to-text transcripts
• Chat inputs and responses
• Interaction logs

This data is used only to provide the feature, improve functionality, and maintain safety.

3.6 Location and Community Information

If a parent enables community or location-based features, we may collect:

• Approximate or precise location data
• Community profile details
• Posts, messages, and interactions

Location and community features are optional and controlled by the parent. Children do not independently share location.

3.7 School, Institution, and Partner Information

If Todemy is used through schools or partners, we may collect:

• Organization name
• Contact details
• Authorized user information
• Usage data related to the Service

3.8 Device and Technical Information

We may automatically collect:

• IP address
• Device type and operating system
• App version
• Log files and crash data
• Session activity

This information is used for security, performance, and system improvement.

3.9 Information from Third Parties

We may receive limited information from:

• Authentication providers
• Payment processors
• Hosting or infrastructure providers
• Analytics tools
• Schools or institutional partners

4. How We Use Information

Todemy uses personal information only as necessary to provide, operate, improve, and secure the Service, and to support parents in managing their child's learning and development.

4.1 To Provide and Operate the Service

We use information to:

• Create and manage parent accounts
• Create and maintain child profiles
• Deliver learning content and activities
• Provide progress tracking and reports
• Authenticate users and maintain account access

4.2 To Personalize Learning and Development

We use child profile and usage data to:

• Customize learning experiences based on age and level
• Recommend relevant content and activities
• Track development milestones and progress
• Improve engagement and learning outcomes

4.3 To Provide Health and Wellness Features

If a parent enables health or wellness features, we use the information to:

• Store and organize basic health records
• Provide vaccination reminders only
• Offer general wellness insights, such as nutrition suggestions

Todemy does not provide medication reminders, medical advice, diagnosis, or treatment.

All health-related features are for informational and organizational purposes only.

4.4 To Enable AI and Interactive Features

If AI or voice features are enabled, we use information to:

• Respond to user inputs
• Generate interactive learning experiences
• Improve feature accuracy and safety
• Detect and prevent misuse

4.5 To Enable Community Features

If community features are activated, we use information to:

• Connect parents with other parents
• Enable posting, messaging, and interaction
• Monitor and moderate content for safety

These features are optional and controlled by the parent.

4.6 To Communicate with Users

We use contact information to:

• Send service-related updates
• Respond to support requests
• Send important account or security notifications

We do not use children's personal data for marketing.

4.7 To Improve and Analyze the Service

We use data to:

• Understand usage patterns
• Improve features and performance
• Fix bugs and technical issues
• Enhance user experience

4.8 To Ensure Safety, Security, and Compliance

We use information to:

• Detect and prevent fraud or misuse
• Maintain platform security
• Enforce our policies
• Comply with legal obligations

4.9 Payments and Subscriptions

If paid features are enabled, we use information to:

• Process payments
• Manage subscriptions
• Provide billing support

Todemy does not store full payment card details. Payments are processed securely by third-party payment providers.

4.10 Limited Communication with Parents

We may use parent contact information to:

• Share important updates
• Send service-related announcements

Parents may opt out of non-essential communications at any time.

Children's personal data is not used for advertising or marketing.

5. Legal Basis and Parental Consent

Todemy processes personal information in accordance with applicable data protection laws and is designed as a parent-managed service for children.

5.1 Parent-Controlled Access

Todemy is a parent-managed platform. Children are not permitted to create independent accounts.

Before a child's profile is created, a parent or legal guardian must:

• Create an account
• Complete verification steps
• Confirm they are authorized to act for the child

5.2 Legal Basis for Processing

We process personal data based on the following:

We do not rely on broad legitimate interests for processing children's personal data.

5.3 Verifiable Parental Consent

Before collecting or processing a child's personal information, Todemy obtains verifiable parental consent using methods reasonably designed to confirm that the person providing consent is the child's parent or legal guardian.

These methods may include:

• Verified email confirmation combined with additional verification steps
• Phone number verification using secure OTP mechanisms
• Payment or identity-based verification where appropriate
• Other legally accepted verification methods

Todemy maintains records of consent and may require renewed consent if there are material changes in data practices.

5.4 Feature-Specific Consent

Certain features require a separate action by the parent before activation, including:

• Health and wellness features
• Voice or audio features
• AI-based interactions
• Location-based features
• Community or messaging features

Parents can enable or disable these features at any time.

5.5 Withdrawal of Consent

Parents may withdraw consent at any time.

Upon withdrawal:

• Processing of the relevant data will stop
• Associated features will be disabled
• Data will be deleted unless retention is required by law

Withdrawal does not affect processing carried out before withdrawal.

5.6 No Behavioral Advertising

Todemy does not use children's personal data for:

• Behavioral advertising
• Targeted marketing
• Profiling for marketing purposes

Children's data is used only to provide and improve the Service under parental control.

6. How We Share Information

Todemy does not sell children's personal information. We share personal information only as necessary to operate the Service, comply with legal obligations, or with parental direction.

6.1 Service Providers

We may share information with trusted third-party service providers that help us operate and improve the Service, such as:

• Hosting and cloud infrastructure providers
• Authentication and verification services
• Payment processing providers
• Customer support tools
• Analytics and performance tools

These providers process personal data only on our instructions and are required to protect it in accordance with applicable laws.

6.2 AI and Technology Providers

If AI or voice-based features are enabled, certain data, such as user inputs or interaction data, may be processed by technology providers to deliver the requested functionality.

Such processing is limited to what is necessary for the feature and is subject to appropriate safeguards.

6.3 Schools, Institutions, and Partners

If Todemy is used through a school or institutional partner, we may share relevant information with that entity to provide the Service.

In such cases, the institution's role will depend on the arrangement and may be defined in a separate agreement.

6.4 With Parental Direction

We may share information when a parent or guardian explicitly chooses to do so, including when enabling community features or interacting with other users.

6.5 Legal and Safety Requirements

We may disclose personal information where required by law or where necessary to:

• Comply with legal processes
• Protect the safety and rights of users
• Prevent fraud or misuse

6.6 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of assets, personal information may be transferred as part of that transaction, subject to appropriate safeguards.

6.7 No Sale or Advertising Use

Todemy does not:

• Sell personal information
• Share children's personal data for advertising
• Allow third-party advertising based on child data

7. Data Retention

Todemy retains personal information only for as long as necessary to provide the Service, comply with legal obligations, and ensure security. We do not retain data longer than required for the purposes described in this Privacy Policy.

7.1 Retention Principles

We follow these principles:

• Data is retained only for a defined purpose
• Data is deleted or anonymized when no longer needed
• Sensitive data is retained for the shortest possible duration
• Parents can request deletion at any time

7.2 Parent Account Data

Parent account information is retained:

• While the account is active
• Until the parent requests deletion

After deletion, data is removed or anonymized within a reasonable period, unless retention is required by law.

7.3 Child Profile Data

Child data is retained:

• While the parent account is active
• Until the parent deletes the child's profile

Once deleted, child data is removed or anonymized, except where legally required.

7.4 Health and Wellness Data

Health-related information is retained:

• Only while the feature is enabled
• Until the parent withdraws consent

When disabled, the data is deleted unless required for legal compliance.

7.5 Audio and AI Interaction Data

Audio recordings, transcripts, and AI interaction data are:

• Retained for a limited period to support functionality and safety
• Deleted or anonymized after they are no longer required

7.6 Community and Location Data

Community posts, messages, and related data are:

• Retained while the feature is active
• Deleted when the parent removes content or disables the feature

Location data is retained only as long as needed to provide the feature.

7.7 Technical and Usage Data

Device, log, and usage data may be retained for a limited period for:

• Security
• Performance monitoring
• Analytics

After this period, the data is deleted or anonymized.

7.8 Legal and Compliance Retention

We may retain certain information for longer periods where required to:

• Comply with legal obligations
• Resolve disputes
• Prevent fraud
• Enforce our agreements

7.9 Retention Schedule

Todemy maintains an internal data retention schedule that defines how long each category of personal data is retained.

Typical retention practices include:

• Parent account data: retained until account deletion
• Child profile data: retained until deleted by the parent
• Health data: retained only while the feature is enabled
• Audio and AI interaction data: retained for a short duration, typically up to 90 days, unless required longer for safety or legal purposes
• Technical and log data: retained for security, fraud prevention, and system monitoring for a limited period

Data is deleted or anonymized once it is no longer required for its intended purpose, unless retention is required by law.

8. Data Security

Todemy takes appropriate technical and organizational measures to protect personal information against unauthorized access, loss, misuse, alteration, or disclosure.

8.1 Security Measures

We implement security safeguards appropriate to the nature of the data, including:

• Encryption of data in transit
• Secure storage systems
• Access controls and authentication mechanisms
• Role-based access restrictions
• Monitoring and logging of system activity
• Regular system updates and security testing

8.2 Protection of Children's and Sensitive Data

We apply enhanced safeguards for:

• Children's personal data
• Health and wellness information
• Audio or interaction data

Access to such data is restricted to authorized personnel only.

8.3 Third-Party Security

Service providers who process data on our behalf are required to:

• Follow appropriate security standards
• Protect data from unauthorized use
• Process data only according to our instructions

8.4 Data Breach Response

In the event of a data breach, Todemy will:

• Identify and contain the incident promptly
• Investigate the cause and impact
• Take corrective and preventive measures

Where required by applicable law, Todemy will:

• Notify relevant authorities, including CERT-In in India, within prescribed timelines
• Inform affected users or parents where there is a risk to their data

Where required by applicable law, affected users or parents will be notified via email, in-app notification, or other appropriate communication channels.

8.5 User Responsibility

While we take reasonable steps to protect data, users are responsible for:

• Keeping account credentials secure
• Not sharing login details
• Using secure devices and networks

9. Cookies and Tracking Technologies

Todemy uses limited cookies and similar technologies to operate, secure, and improve the Service.

9.1 Essential Technologies

We use essential cookies and similar technologies to:

• Maintain user sessions
• Enable login and authentication
• Ensure security and prevent misuse
• Support the core functionality of the Service

These technologies are necessary for the platform to function properly.

9.2 Child-Directed Services

In child-facing areas of the Service:

• We use only the technologies required for internal operations
• We do not use cookies or tracking for advertising purposes
• We do not track children across other websites or services

9.3 Adult-Facing Areas

In sections of the Service used by parents or website visitors:

• We may use limited analytics technologies to understand usage
• Such technologies are used only to improve performance and user experience
• Where required by law, consent will be obtained before using non-essential technologies

9.4 Third-Party Technologies

Some technologies may be provided by third-party service providers that assist in operating the Service.

These providers are not permitted to use children's personal data for their own purposes or for advertising.

9.5 Cookie Controls

Users can manage or disable cookies through their browser settings.

Disabling certain cookies may affect the functionality of the Service.

9.6 No Sale or Sharing of Data

Todemy does not:

• Sell personal information
• Share children's data for advertising purposes
• Use tracking technologies for behavioral profiling of children

10. Children's Privacy

Todemy is designed for use by young children under the supervision and control of a parent or legal guardian. We are committed to protecting children's privacy and handling their information with special care.

10.1 Parent-Controlled Use

Todemy is a parent-managed platform. Children are not permitted to create independent accounts.

All child profiles must be created and managed by a parent or legal guardian.

10.2 Collection of Children's Information

We collect only the information necessary to provide the Service, including learning features, progress tracking, and optional features enabled by the parent.

We do not require a child to provide more personal information than is reasonably necessary to use the Service.

10.3 Parental Consent

We obtain parental consent before collecting or processing a child's personal information where required by applicable law.

Parents can review, modify, or withdraw consent at any time.

10.4 Parental Rights

Parents have the right to:

• Access their child's personal information
• Request correction or deletion
• Enable or disable optional features
• Withdraw consent

Requests can be made through the parent dashboard or by contacting Todemy.

10.5 No Behavioral Advertising

Todemy does not use children's personal information for:

• Behavioral advertising
• Targeted marketing
• Profiling for marketing purposes

Children's data is used only to provide and improve the Service.

10.6 Safety Measures

We implement safeguards to:

• Protect children's data
• Restrict access to authorized personnel
• Prevent misuse of features

Interactive features are designed to be controlled by parents and to prevent children from sharing independently.

10.7 School and Institutional Use

Where Todemy is used through schools or institutional partners, additional terms may apply.

Parents may contact us or the institution to understand how children's data is handled in such cases.

11. User Rights and Choices

Todemy provides parents and users with rights and controls over their personal information in accordance with applicable data protection laws.

11.1 Access to Information

Parents have the right to request access to:

• Their personal information
• Their child's profile data

11.2 Correction of Information

Parents may request a correction or update of inaccurate or incomplete information.

11.3 Deletion of Information

Parents may request deletion of:

• Their account
• Their child's personal data

Subject to applicable legal or compliance requirements.

11.4 Data Portability

Where applicable, parents may request a copy of their data in a structured and commonly used format.

11.5 Withdrawal of Consent

Parents may withdraw consent at any time, including for:

• Health features
• Audio or AI features
• Location or community features

Once withdrawn, related processing will stop, and features will be disabled.

11.6 Restriction and Objection

Where applicable, users may:

• Request restriction of processing
• Object to certain types of processing

11.7 Communication Preferences

Parents may opt out of non-essential communications.

Service-related messages may still be sent when necessary.

11.8 How to Exercise Your Rights

Requests can be made:

• Through the parent dashboard
• By contacting Todemy

We may verify identity before processing requests.

We will respond within the timeframes required by applicable law.

11.9 Complaints

If you believe your data has been handled improperly:

• You may contact Todemy for resolution
• You may also have the right to file a complaint with a relevant data protection authority.

Depending on your location, you may have additional rights under applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR) and the Digital Personal Data Protection Act (DPDP), India.

12. Account Deletion and Data Removal

Todemy provides parents with the ability to delete their account and associated data at any time.

12.1 Account Deletion

Parents may delete their account through the parent dashboard or by contacting Todemy.

Once deleted:

• Access to the Service will be terminated
• All associated data will be scheduled for deletion or anonymization

12.2 Child Profile Deletion

Parents may delete individual child profiles without deleting the entire account.

Upon deletion:

• All associated child data will be removed or anonymized
• The child will no longer have access to the Service

12.3 Effect of Deletion

When an account or child profile is deleted:

• Learning progress, records, and features will no longer be accessible
• Personal data will be deleted within a reasonable timeframe
• Some data may be retained where required by law or for security purposes

12.4 Withdrawal of Optional Features

Parents may disable optional features at any time, including:

• Health and wellness features
• Audio or AI features
• Location and community features

Once disabled:

• The collection of new data will stop
• Existing data related to that feature will be deleted unless legally required

12.5 Backup and Residual Data

Certain data may remain in secure backups for a limited period before permanent deletion.

Such data is not used for active processing during this time.

13. International Data Transfers

Todemy may process and store personal information in countries other than the country in which you reside.

13.1 Cross-Border Processing

Personal information may be transferred to and processed on servers located in different jurisdictions where Todemy or its service providers operate.

These jurisdictions may have data protection laws that differ from those in your country.

13.2 Safeguards for Transfers

Where personal data is transferred across borders, Todemy uses appropriate safeguards, including:

• Contractual safeguards with service providers
• Secure data transfer mechanisms
• Encryption and access controls
• Organizational and technical security measures

These safeguards are designed to ensure that personal data remains protected during transfer and processing.

13.3 Protection of Children's Data

For children's personal information, Todemy applies enhanced protections and ensures that transfers are limited to what is necessary to provide the Service.

13.4 Compliance with Applicable Laws

Todemy processes personal information in accordance with applicable data protection laws in the regions where it operates.

13.5 User Acknowledgment

By using the Service, parents acknowledge that personal information may be transferred and processed outside their country of residence in accordance with this Privacy Policy.

14. Third-Party Links and Services

Todemy may contain links to third-party websites or services that are not operated or controlled by Todemy.

14.1 External Links

The Service may include links to external websites or services for informational or functional purposes.

Todemy is not responsible for the privacy practices or content of such third-party services.

14.2 Third-Party Features

Certain features of the Service may rely on third-party services such as:

• Payment processing providers
• Authentication services
• Analytics tools
• AI or technology providers

These services may process personal information in accordance with their own privacy policies.

14.3 Parent Responsibility

Parents are encouraged to review the privacy policies of any third-party services they access through Todemy to understand how their information is handled.

14.4 No Control Over Third Parties

Todemy does not control and is not responsible for how third parties collect, use, or share personal information outside of the Todemy Service.

15. Changes to This Privacy Policy

Todemy may update this Privacy Policy from time to time to reflect changes in the Service, legal requirements, or data processing practices.

15.1 Updates

When we make changes, we will update the Effective Date and Last Updated date at the top of this Privacy Policy.

15.2 Notification of Changes

If we make material changes, we will notify parents through appropriate means such as:

• In-app notifications
• Email communication
• Website notices

15.3 Changes Affecting Children's Data

If a change affects how we collect, use, or share children's personal information, we will:

• Provide a clear notice to parents
• Obtain new consent where required by applicable law

15.4 Continued Use

Continued use of the Service after updates will apply only where permitted by applicable law.

Nothing in this Privacy Policy limits any rights available to users under applicable data protection laws.

16. Direct Parent Notice

Before collecting personal information from a child, Todemy provides a direct notice to the parent or legal guardian.

This notice explains:

• What information is collected from the child
• The purpose of collecting the information
• Whether the information will be shared with third parties
• How the parent can provide or refuse consent
• How the parent can review, modify, or delete the child's information

Todemy collects and processes a child's personal information only after providing this notice and obtaining parental consent where required by applicable law.

17. Grievance Redressal

If you have any concerns regarding the processing of your personal data, you may contact Todemy using the contact details provided in this Privacy Policy.

Todemy will:

• Acknowledge the grievance within a reasonable timeframe
• Investigate the issue
• Provide a resolution in accordance with applicable laws

If the issue is not resolved satisfactorily, you may have the right to approach the appropriate regulatory authority.

18. AI and Automated Decision-Making

Todemy may use AI-based features to enhance learning and user experience.

Todemy ensures that:

• AI systems are used only to support learning and platform functionality
• Children's personal data is not used for automated decision-making that produces legal or similarly significant effects
• Human oversight is maintained where necessary
• AI features are designed with safety and fairness in mind

Todemy does not use children's personal data to train AI models for unrelated purposes without appropriate consent and legal basis.

Todemy does not use automated decision-making systems that produce legal, financial, or similarly significant effects on users.

19. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or how Todemy processes personal information, you may contact us using the details below:

Legal Entity Name

Todemy Learning Private Limited

Privacy Email

business@todemy.com

Support Email

support@todemy.com

Registered Address

2154, Phase 7, Sector 61, S.A.S.Nagar (Mohali), PO: Sector 62, DISTT: SAS Nagar (Mohali)

Todemy will respond to inquiries and requests within a reasonable timeframe in accordance with applicable laws.

Data Protection Contact

For privacy-related matters, you may contact our designated data protection representative at: business@todemy.com.